Method and device for controlling the access to knowledge networks

ABSTRACT

The invention relates to an efficient system for user rights in a semantic digital network, whereby users are arranged in the same semantic network as the information objects. The rights are thus derived from the semantic relations between users and information objects in a common semantic network.

The invention relates essentially to a method for deriving user rights in a semantic network.

Semantic networks are being used in increasing numbers for linking information items with one another and finding them again at a later time. These forms of networks with their algorithms are also referred to as knowledge networks or ontologies, whereby information objects are connected with one another by edges which exhibit specific semantics.

Navigation through the network is effected along these edges and for preference by means of inferential algorithms. These traverse the network in the quest for statements.

Because of the complexity of knowledge networks, the need arises for access to be restricted or made possible to specific areas of the network.

In the considerations regarding the structure of the user management, criteria such as efficiency and usability of existing algorithms and data structures play a decisive part.

Known solutions pursue the access control on the table level, such as is known, for example, from relational databanks.

The problem of the invention is to provide an efficient and flexibly configurable access control which is technically and ergonomically integrated, and which take account of the complexity of knowledge networks.

This problem is resolved by the inventions in accordance with the features of the independent claims. Advantageous further embodiments of the inventions are described in the Sub-claims.

If the invention is regarded in abstract terms, the users are presented in the same semantic network as the information objects. Access rights are derived from the semantic relations between users and information objects.

This solution has the advantage that no further metadata is required, such as is the case, for example, with relational databanks. Rather, existing algorithms and inference rules can be used in order to derive user rights. In addition to this, the same efficient memory system can be used for contents and access information. A further technical advantage lies in the fact that no adaptation of the code for the representation of the access information is required. The users and their relations to the information objects are part of the knowledge network as a whole.

Thanks to the use of the efficient memory system and the high-performing algorithms, it is possible for the user rights to be calculated at the time of access. This has the advantage that, instead of static rules, enquiries can also be defined which describe the rights. This is described in detail hereinafter.

The rights system of the present invention makes the decision on access entitlements on the basis of information from the knowledge network.

Users who are intended to be subject to an access control by the rights system are presented as nodes in the knowledge network.

These user nodes are placed in a relationship with the nodes in the knowledge network which serve as starting points for the access rights of the member users.

By means of the rules which configure the rights system it is determined which access rights pertain for the individual user for the knowledge network objects. In this situation a check is carried out as to whether rules exist which allow for an access. This check is effected dynamically in relation to the run time. This ensures that any changes in the knowledge network are immediately deposited in the knowledge network, including in changed access rights.

Users can appear in several roles in relation to the system.

Roles are likewise defined in the knowledge network and simplify the configuration of the rights system. Depending on the role of a person, it is therefore possible for different rights to be defined for entire groups.

Considered in formal terms, a right r: <o, t, op> pertains from the three components of user, target, and operation.

This means that the user of a right (user) can carry out the operation specified (operation) on the target of the right (target). If a part of the right is not defined, the right is deemed to apply to all the objects of the knowledge network which come into question for this part. In addition to the notification of the individual elements, the components can contain quantities. As a result of this, it is possible for groups of users of a right to be defined.

Rights are for preference positively formulated. This means that a negative response will be given at the examination of the right if no positive answer is found. With enquiries to the rights system, attestations for the user, the target, and the knowledge network object respectively are transferred. The rights system seeks a positive response in the rights definitions. In a further preferred embodiment it is possible for a negation to be presented to a right.

In the preferred embodiment, the rights of a knowledge network are defined in a rights tree. This rights tree consists of folders which are arranged and structured in tree fashion. The roots, and therefore the highest folder of this space, is for preference anchored in the central part of the knowledge network, the “root”. The root is the organizational root of the knowledge network. If no rights tree exists in this preferred embodiment, or if this space consists solely of a root folder, then all operations are allowed for all users on all knowledge network objects.

Rights are defined and allocated in sub-folders of the root folder of the rights tree. A right is divided in each case into a folder with its components, which are likewise arranged in folders. The folders, with their user and operations components, form filters of a right, while the folder for the target can contain a search query. The folders of a right do not stand next to each other in the rights tree, but form a part tree of the rights tree as a whole. If rights have the same components, e.g. the same operations, then the same folders can be used for them, i.e. the same components. The other components of these rights are then subdivided into other sub-folders.

The individual components of a right and the definition possibilities are explained hereinafter. The combination of the components will then be considered.

The components of a right are in each case the elements of a folder. They are defined in different ways and means, or arranged in their folders, as explained hereinafter.

Operations:

The definition of op in the rights system is effected for preference by the enumeration of the permitted operations (in the preferred implementation “Read”, “Modify”, “Generate” and “Delete”), which form the elements of an operations folder.

Owner:

The number of owners (o) of a right is represented by the number of elements of the owner folder. For o, individual elements (instances) of a term of the knowledge network come into question, which were indicated as the owner term in the configuration of the rights system. The number of the owners of a right can be a part quantity of these individual elements. The selection of the owners can be for preference effected in three different ways during the processing of the user/owner folder; firstly by explicitly indication, secondly by the accessibility of the owner by and from a knowledge network object, and thirdly by the determination of the role which an owner has adopted.

1. Explicit Indication

The owner or owners of a rights part tree are input explicitly, e.g. by means of an editor. In this situation, individual elements (instances) of the owner term are determined.

If it was intended, for example, that only the beginning of a name should be entered, the system will then look for an object which matches this under the individual elements of the owner term.

Example: The owner term Person has the individual elements Miller and Meier. A further object in the knowledge network may be “Mill”. If, for the indication of an owner, only the beginning of the name “Mi” is entered, the system will then find, as a possible object, only the individual item Miller, and will transfer this as the owner into the folder. The object Mill will not be found, because it does not involve an individual element of an owner term.

2. Owner Accessible from a Knowledge Network Object

The owner is in this case derived from a relationship which pertains between a knowledge network object and the user.

The knowledge network object and the relationship are then explicitly indicated in an editor (see above also). The rights part tree accordingly applies to all user objects which can reach the knowledge network object via this relationship. The owner object from which the relationship is pursued is not determined until the time of the assessment of the rights tree, and not as early as the rights tree definition.

3. Owner of a Specific Role

The contents of the owner folder is defined by means of a role. This role is explicitly indicated at the processing of the folder. The elements of the owner/user folder are calculated at the rights examination.

Target:

The number of targets of a rights part tree can either be indicated explicitly or calculated by means of a search query.

1. Explicit Indication

Any knowledge network object can be drawn into any folder by drag and drop, but for preference not into a search folder of the rights tree. As an element of a corresponding folder in the rights tree, a knowledge network object is the target of a right.

2. Calculation of the Targets in a Search Query

For the calculation of the targets by a search query, a search query is set up in a search folder. The search query is carried out at the examination of the rights, and the knowledge network objects found at this juncture represent the targets of the rights part tree.

With the aid of search enquiries, rules can be created for the targets of rights.

If it is intended that a target object which was calculated in a search query should be accessible by the users/owners in the rights part tree via the edges in the knowledge network, this can be indicated by means of the owner query.

From all the relations indicated in the search, those can be selected by means of which it is intended that the owner should be reachable from the target objects. If it is intended, for example, that in a knowledge network with project data only the knowledge network objects should be accessible for each owner/user from their own project in each case, this can be attained by providing the relationship ‘is project participant in’ as the owner query.

Inverting of Definitions

In exceptional cases it may be a good idea for constituent parts of a right to be formulated negatively (e.g. “all knowledge network types except for individual items from the term Person”). The negation can be applied to owners and targets of a right. It is defined by a negative filter being set in the rights part tree in front of the folder which is to be negated. All the elements contained in this folder form exceptions, to which the rights part tree does not apply.

Restrictions on Attributes and Relations

In the event of it being intended that a right should only apply to certain specific attributes or relations of a knowledge network object, this can then be defined at any point in the rights tree. However, it needs to be borne in mind in that case that this restriction applies for preference to the whole sub-tree, and the rights in this part tree still apply to these objects with this restriction. That is to say, if it is defined in the root folder of the rights tree that operations can only be carried out on the attributes of name and telephone number from the individual items of persons, then all the rights in the sub-folders apply as a maximum to these attributes on these individual items, regardless of the elements in these folders.

Examination of a Right

During the examination of whether an owner may carry out an operation on a knowledge network object, all the part trees of the rights tree will be run through until the requirements formulated in the query can be fulfilled in one of the part trees. In this case, the access being enquired about will be permitted. If no part tree corresponding to the query is found, then the access will be rejected as not permissible.

An examination will be carried out in every folder to determine whether the target of the query is an element of the folder. For this reason, knowledge network objects can be drawn as targets in owner and operations folders.

The folders of a part tree are checked recursively. The folders for operations and owners behave like filters. The sub-folders of these folders are checked if the operation or owner to be examined fulfil the filter criterion. If this is the case, then either the sub-folders will be checked or, if there are none available, a positive response will be returned.

A check is carried out in a search folder as to whether the target of the query is an element of the quantity which is being calculated during the performance of the search query indicated in the folder. If that is the case, then the answer to the examination is positive.

The invention is explained in greater detail hereinafter on the basis of embodiments, which are represented in diagrammatic form in the Figures. The same reference numbers in the individual Figures designate the same elements. Specifically, the Figures show:

FIG. 1 An extract from a knowledge network with the user/owner nodes “Ms. Miller”, responsible for the knowledge network object “Reiber Street Residential Building”;

FIG. 2 Rights in tree form with operations folders and user/owner folders;

FIG. 3 Rights part tree with negative filter.

Within the scope of the invention, numerous derivations and further formulations of the embodiments described can be realised.

FIG. 1 shows a section from a knowledge network, in which the project structure of a construction company is deposited. Accordingly, “Ms. Miller” is responsible for the project of the “Reiber Street Residential Building”, in the role of “Building Manager”.

The rights system can now be configured in such a way, for example, that Ms. Miller receives writing rights to the building sections relating to the “Reiber Street Residential Building” construction project. Construction sections from other construction projects (e.g. “Landwehr Street Car Park”), for which Ms. Miller is not responsible, cannot be processed by her. New construction sections, such as in the sector of “Reiber Street External Installations”, automatically fall into the access area of Ms. Miller.

Changes in the knowledge network, such as a restructuring, in which the responsibilities for “Residential Building” and “Landscape Gardening” are separated in terms of organization, also automatically change the access entitlements of the users concerned (in this case, Ms. Miller would lose her writing right to the “Reiber Street External Installations”).

The components of a right are defined in folders which form a part tree in the rights tree (see FIG. 2). In the leaves of the rights tree it is mostly the target objects of the rights which are defined. The possible operations and the users are filtered out in the folders between the leaves and the roots. Accordingly, the topmost part tree in FIG. 2 shows that the operations Modify and Read can be carried out by all users who hold the role of Project Manager on all objects which can be calculated from the search query in the “Projects” folder.

A part tree of the rights tree does not need to define explicitly all three components of a right. The second part tree in FIG. 2 contains two levels, since there is no indication of the operations. Accordingly, the right defined in this part tree signifies that the user, “Mr. Schuckmann”, may carry out all operations on the calculated objects in the “Road Construction Projects” sub-folder.

The third part tree in FIG. 2 shows that any user can carry out the “Create” operation on any objects of the knowledge network.

FIG. 3 shows the definition of Prohibition, with the aid of a negative filter in the rights part tree, which is set in front of the folder which is to be negated. All the elements contained in this folder form exceptions for which the rights part tree does not apply.

As has already been described earlier, the unfolded rights part tree in FIG. 2 indicates that everything can be read by all users except the elements in the search folder “Group Companies”.

LITERATURE LIST

-   1. Knowledge Engineering: Principles and Methods (Rudi Studer, V.     Richard Benjamins, and Dieter Fensel). -   2. Fausto Rabitti, Elisa Bertino, Won Kim, and Darrell Woelk: A     Model of Authorization for Next-Generation Database Systems, in: ACM     Transactions on Database Systems, Vol. 16, No. 1, March 1991. -   3. Martin S. Olivier and Sebastian H. von Solms: A Taxonomy for     Secure Object-Oriented Databases, in: ACM Transactions on Database     Systems, Vol. 19, No. 1, March 1994. -   4. Gail-Joon Ahn and Ravi Sandhu: Role-Based Authorization     Constraints Specification, in: ACM Transactions on Information and     System Security, Vol. 3, No. 4, November 2000. -   5. Elias Bertino, Sushil Jajodia, and Pierangela Samaratia: Flexible     Authorization Mechanism for Relational Data Management Systems, in:     ACM Transactions on Information Systems, Vol. 17, No. 2, April 1999. -   6. John F. Sowa: Knowledge Representation: Logical, philosophical,     and computational foundations. Brooks/Cole Publishing House, 2000. -   7. And other references disclosed in the documents referred to     above. 

1. Method for the efficient representation of rights in a semantic network deposited in a digital storage medium, which consists of nodes and edges, whereby the nodes represent information objects and the edges represent semantic relations, wherein users or user groups are stored as nodes which are set in relationship with other information objects, whereby the rights are derived via the relations.
 2. Method according to the foregoing claim 1 wherein the rights are determined by derivation dynamically in relation to the run time.
 3. Method according to claim 1 wherein a right is defined by r:<o, t, op>, whereby the right is composed of the components of owner, target, and operation, and wherein an owner (o) of the right may or may not be allowed to carry out the operation (op) on a target (t).
 4. Method according to the claim 3 characterised in that rights are defined positively or negatively.
 5. Method according to claim 1, wherein the rights are arranged in a rights tree in the semantic network.
 6. Method according to claim 1, wherein the rights are defined in a folder hierarchy, whereby the folder hierarchy comprises the levels of Operation, Owner/user, and Target Object.
 7. Method according to claim 1, wherein the rights of an owner is indicated explicitly by referencing of a user or owner group, or by the existence of a relationship between an information object and a user or by the determination of the roles which a user has.
 8. Method according to claim 1, wherein the target is determined explicitly or by a search query.
 9. Method according to claim 1, wherein rights which have concordant components share these components by referencing with one another.
 10. Method according to claim 1 wherein during the examination as to whether a user may carry out an operation on an information object, all the part trees of the rights tree are run through for as long as required until the response from a part tree provides a positive answer; by contrast, if no part tree is found, the response is negative.
 11. Data structure for the deposition of digital rights in a semantic network consisting of nodes and edges, whereby the nodes for represent information objects and the edges represent semantic relations, wherein users or groups are stored as nodes, which are set in relationship with other information objects via the data structure, and whereby the rights are derived via the relations.
 12. Data structure according to claim 11, wherein the right is defined by r:<o, t, op>, whereby the right is composed of the components of owner, target, and operation, whereby an owner o of the right may or may not be allowed to carry out the operation op on a target t, whereby the data structure provides a memory area for the direct or indirect deposition, in particular by means of pointers.
 13. (canceled)
 14. Data carrier comprising a data structure which allows the running of the method according to claim 1, when loaded into a computer.
 15. Data carrier comprising a data structure according to claim
 11. 